Security at Triafy

Triafy uses industry-standard practices to ensure that your data, and the data of your customers is always secure. We don’t publicize all of the security measures we take, but some of the ones we can talk about are listed here.

Secure Hosting

Triafy’s servers are hosted in the Tier 1 data centers of Amazon Web Services (AWS). AWS is an ISO27001-certified hosting provider, with extensive physical, biometric and software access control to the physical servers on which Triafy runs.

Encryption at Rest

All disks used by Triafy, both for long-term & database storage, as well as temporary data storage are encrypted at rest.

Application-level encryption

Certain types of particularly sensitive data, such as API keys, are stored with an additional level of encryption which prevents their disclosure even in the unlikely event our database is compromised.

Automatically updated operating systems and software

Triafy automatically updates the operating system and application software used on our servers as improvements are made and any security problems are fixed.

Automated dependency monitoring

We use automated tools to monitor any libraries and software dependencies we use against databases of known security issues.

Anti-SQL Injection measures

Triafy is built using an widely-used application framework which contains in-built support for bound query parameters. Further, our coding guidelines prohibit any direct manipulation of SQL statements as strings.

Anti-XSS Protection

Our application framework as well as our frontend framework contain automated protection against XSS attacks through automated escaping of any displayed data.

HTTPS always

All communication between your browser, our CDN, Triafy’s servers and the APIs we access are conducted over encrypted protocols such as HTTPS.

Multi-Factor Authentication (MFA)

Triafy uses Multi-Factor Authentication (MFA) for the services we rely on to provide Triafy to drastically reduce the risk of account compromise and takeover.